We should check for a NULL pointer first before referencing its members, and check the limit on the data buffer in function str_remove_initial.
Signed-off-by: Wang Sheng-Hui <shh...@gmail.com> --- usr/strings.c | 13 +++++++++---- 1 files changed, 9 insertions(+), 4 deletions(-) diff --git a/usr/strings.c b/usr/strings.c index ee6a51c..6432c2c 100644 --- a/usr/strings.c +++ b/usr/strings.c @@ -97,11 +97,16 @@ int str_enlarge_data(struct str_buffer *s, int length) void str_remove_initial(struct str_buffer *s, int length) { - char *remaining = s->buffer + length; - int amount = s->data_length - length; - - if (s && length) { - memmove(s->buffer, remaining, amount); + char *remaining; + int amount; + + if (s && length) { + remaining = s->buffer + length; + amount = s->data_length - length; + if (amount < 0) + amount = 0; + if (amount) + memmove(s->buffer, remaining, amount); s->data_length = amount; s->buffer[amount] = '\0'; } -- 1.7.1 -- You received this message because you are subscribed to the Google Groups "open-iscsi" group. To post to this group, send email to open-iscsi@googlegroups.com. To unsubscribe from this group, send email to open-iscsi+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/open-iscsi?hl=en.
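Review bot: the clamp `if (amount < 0) amount = 0;` only covers `length > s->data_length`; a negative `length` passes the `if (s && length)` test, makes `amount` larger than `s->data_length`, and makes `remaining = s->buffer + length` point before the buffer, so the following `memmove(s->buffer, remaining, amount)` reads and writes out of bounds. Validate `length` itself before computing `remaining`, e.g. `if (length < 0 || length > s->data_length) length = s->data_length;` (or return early), so that `remaining` never leaves `s->buffer` and `amount = s->data_length - length` is never negative, which also removes the need for the separate `amount < 0` clamp. Note also that the oversize case is now silently truncated to an empty buffer; if callers are not expected to pass `length > s->data_length`, a comment (or an assertion in debug builds) explaining the chosen behaviour would help the next reader.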